1 files changed, 10 insertions, 72 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 0897e1d8..6214569a 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -12,7 +12,7 @@ let
 in {
  imports = with flake.nixosModules.systemProfiles; [
    ./hw.nix
-    ./mail ./libvirt ./greetd
+    ./email ./libvirt ./greetd
    tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager
    flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
    flakeInputs.impermanence.nixosModules.impermanence
@@ -126,40 +126,16 @@ in {
        rulesetFile = ./ruleset.nft;
      };
-      # firewall = {
-      #   enable = true;
-      #   allowedTCPPorts = [ 22 # ssh
-      #                       8000 # quickserve
-      #                     ];
-      # };
-      # wlanInterfaces = {
-      #   wlan0 = {
-      #     device = "wlp82s0";
-      #   };
-      # };
-      # bonds = {
-      #   "lan" = {
-      #     interfaces = [ "wlan0" "enp0s31f6" "dock0" ];
-      #     driverOptions = {
-      #       miimon = "1000";
-      #       mode = "active-backup";
-      #       primary_reselect = "always";
-      #     };
-      #   };
-      # };
      useDHCP = false;
      useNetworkd = true;
-      # interfaces."tinc.yggdrasil" = {
-      #   virtual = true;
-      #   virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
-      #   macAddress = "5c:93:21:c3:61:39";
-      # };
    };
+    environment.etc."NetworkManager/dnsmasq.d/dnssec.conf" = {
+      text = ''
+        conf-file=${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf
+        dnssec
+      '';
+    };
    environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
      text = ''
        except-interface=virbr0
@@ -402,19 +378,6 @@ in {
    ];
    services = {
-      uucp = {
-        enable = true;
-        nodeName = "sif";
-        remoteNodes = {
-          "ymir" = {
-            publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
-            hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
-          };
-        };
-        defaultCommands = lib.mkForce [];
-      };
      avahi.enable = true;
      fwupd.enable = true;
@@ -433,8 +396,8 @@ in {
      logind = {
        lidSwitch = "suspend";
-        lidSwitchDocked = "lock";
+        lidSwitchDocked = "ignore";
-        lidSwitchExternalPower = "lock";
+        lidSwitchExternalPower = "ignore";
      };
      atd = {
@@ -640,25 +603,6 @@ in {
    environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
-    systemd.services."ac-plugged" = {
-      description = "Inhibit handling of lid-switch and sleep";
-      path = with pkgs; [ systemd coreutils ];
-      script = ''
-        exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
-      '';
-      serviceConfig = {
-        Type = "simple";
-      };
-    };
-    services.udev.extraRules = with pkgs; lib.mkAfter ''
-      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
-      SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
-    '';
    systemd.services."nix-daemon".serviceConfig = {
      MemoryAccounting = true;
      MemoryHigh = "50%";
@@ -718,7 +662,7 @@ in {
      directories = [
        "/nix"
        "/root"
-        "/home"
+        "/home"
        "/var/log"
        "/var/lib/sops-nix"
        "/var/lib/nixos"
@@ -729,8 +673,6 @@ in {
        "/var/lib/upower"
        "/var/lib/postfix"
        "/etc/NetworkManager/system-connections"
-        { directory = "/var/uucp"; user = "uucp"; group = "uucp"; mode = "0700"; }
-        { directory = "/var/spool/uucp"; user = "uucp"; group = "uucp"; mode = "0750"; }
      ];
      files = [
      ];
@@ -751,10 +693,6 @@ in {
    home-manager.sharedModules = [ flakeInputs.nixVirt.homeModules.default ];
-    environment.pathsToLink = [
-      "share/zsh"
-    ];
    system.stateVersion = "24.11";
  };
 }

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index 0897e1d8..6214569a 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix
@@ -12,7 +12,7 @@ let
12	in {	12	in {
13	imports = with flake.nixosModules.systemProfiles; [	13	imports = with flake.nixosModules.systemProfiles; [
14	./hw.nix	14	./hw.nix
15	./mail ./libvirt ./greetd	15	./email ./libvirt ./greetd
16	tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager	16	tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager
17	flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1	17	flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
18	flakeInputs.impermanence.nixosModules.impermanence	18	flakeInputs.impermanence.nixosModules.impermanence
@@ -126,40 +126,16 @@ in {
126	rulesetFile = ./ruleset.nft;	126	rulesetFile = ./ruleset.nft;
127	};	127	};
128		128
129	# firewall = {
130	# enable = true;
131	# allowedTCPPorts = [ 22 # ssh
132	# 8000 # quickserve
133	# ];
134	# };
135
136	# wlanInterfaces = {
137	# wlan0 = {
138	# device = "wlp82s0";
139	# };
140	# };
141
142	# bonds = {
143	# "lan" = {
144	# interfaces = [ "wlan0" "enp0s31f6" "dock0" ];
145	# driverOptions = {
146	# miimon = "1000";
147	# mode = "active-backup";
148	# primary_reselect = "always";
149	# };
150	# };
151	# };
152
153	useDHCP = false;	129	useDHCP = false;
154	useNetworkd = true;	130	useNetworkd = true;
155
156	# interfaces."tinc.yggdrasil" = {
157	# virtual = true;
158	# virtualType = config.services.tinc.networks.yggdrasil.interfaceType;
159	# macAddress = "5c:93:21:c3:61:39";
160	# };
161	};	131	};
162		132
		133	environment.etc."NetworkManager/dnsmasq.d/dnssec.conf" = {
		134	text = ''
		135	conf-file=${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf
		136	dnssec
		137	'';
		138	};
163	environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {	139	environment.etc."NetworkManager/dnsmasq.d/libvirt_dnsmasq.conf" = {
164	text = ''	140	text = ''
165	except-interface=virbr0	141	except-interface=virbr0
@@ -402,19 +378,6 @@ in {
402	];	378	];
403		379
404	services = {	380	services = {
405	uucp = {
406	enable = true;
407	nodeName = "sif";
408	remoteNodes = {
409	"ymir" = {
410	publicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG6KNtsCOl5fsZ4rV7udTulGMphJweLBoKapzerWNoLY root@ymir"];
411	hostnames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil"];
412	};
413	};
414
415	defaultCommands = lib.mkForce [];
416	};
417
418	avahi.enable = true;	381	avahi.enable = true;
419		382
420	fwupd.enable = true;	383	fwupd.enable = true;
@@ -433,8 +396,8 @@ in {
433		396
434	logind = {	397	logind = {
435	lidSwitch = "suspend";	398	lidSwitch = "suspend";
436	lidSwitchDocked = "lock";	399	lidSwitchDocked = "ignore";
437	lidSwitchExternalPower = "lock";	400	lidSwitchExternalPower = "ignore";
438	};	401	};
439		402
440	atd = {	403	atd = {
@@ -640,25 +603,6 @@ in {
640		603
641	environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;	604	environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
642		605
643	systemd.services."ac-plugged" = {
644	description = "Inhibit handling of lid-switch and sleep";
645
646	path = with pkgs; [ systemd coreutils ];
647
648	script = ''
649	exec systemd-inhibit --what=handle-lid-switch --why="AC is connected" --mode=block sleep infinity
650	'';
651
652	serviceConfig = {
653	Type = "simple";
654	};
655	};
656
657	services.udev.extraRules = with pkgs; lib.mkAfter ''
658	SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="${systemd}/bin/systemctl --no-block stop ac-plugged.service"
659	SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
660	'';
661
662	systemd.services."nix-daemon".serviceConfig = {	606	systemd.services."nix-daemon".serviceConfig = {
663	MemoryAccounting = true;	607	MemoryAccounting = true;
664	MemoryHigh = "50%";	608	MemoryHigh = "50%";
@@ -718,7 +662,7 @@ in {
718	directories = [	662	directories = [
719	"/nix"	663	"/nix"
720	"/root"	664	"/root"
721	"/home"	665	"/home"
722	"/var/log"	666	"/var/log"
723	"/var/lib/sops-nix"	667	"/var/lib/sops-nix"
724	"/var/lib/nixos"	668	"/var/lib/nixos"
@@ -729,8 +673,6 @@ in {
729	"/var/lib/upower"	673	"/var/lib/upower"
730	"/var/lib/postfix"	674	"/var/lib/postfix"
731	"/etc/NetworkManager/system-connections"	675	"/etc/NetworkManager/system-connections"
732	{ directory = "/var/uucp"; user = "uucp"; group = "uucp"; mode = "0700"; }
733	{ directory = "/var/spool/uucp"; user = "uucp"; group = "uucp"; mode = "0750"; }
734	];	676	];
735	files = [	677	files = [
736	];	678	];
@@ -751,10 +693,6 @@ in {
751		693
752	home-manager.sharedModules = [ flakeInputs.nixVirt.homeModules.default ];	694	home-manager.sharedModules = [ flakeInputs.nixVirt.homeModules.default ];
753		695
754	environment.pathsToLink = [
755	"share/zsh"
756	];
757
758	system.stateVersion = "24.11";	696	system.stateVersion = "24.11";
759	};	697	};
760	}	698	}